feat: add null hostkey for server

fix: skip gssapi tests in fips mode fix: skip gssapi_key_exchange_null test on ubuntu and tumbleweed fix: return early when rc != 0 to show error tests: replace int asserts by ssh return code asserts fix: add fatal error when hostkeys are not found and gssapi kex is not enabled ci: add comment linking gssapi null kex bug in ubuntu and tumbleweed fix: don't specify hostkeys in config instead of deleting files tests: assert kex method was null refactor: remove redundant include refactor: better error message fix: check null before accessing in gssapi.c fix: allow setting no hostkeys Signed-off-by: Gauravsingh Sisodia <xaerru@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-28 07:13:54 +09:00 · 2024-08-29 14:03:12 +00:00
parent fd1c3e8878
commit c1aab9903f
21 changed files with 579 additions and 117 deletions
--- a/src/bind.c
+++ b/src/bind.c
@@ -245,8 +245,13 @@ int ssh_bind_listen(ssh_bind sshbind)
        sshbind->ecdsa == NULL &&
        sshbind->ed25519 == NULL) {
        rc = ssh_bind_import_keys(sshbind);
-        if (rc != SSH_OK) {
-            return SSH_ERROR;
+        if (rc == SSH_ERROR) {
+            if (!sshbind->gssapi_key_exchange) {
+                ssh_set_error(sshbind, SSH_FATAL,
+                            "No hostkeys found");
+                return SSH_ERROR;
+            }
+            SSH_LOG(SSH_LOG_DEBUG, "No hostkeys found: Using \"null\" hostkey algorithm");
        }
    }

@@ -467,6 +472,7 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd)
    session->opts.gssapi_key_exchange = sshbind->gssapi_key_exchange;

    if (sshbind->gssapi_key_exchange_algs != NULL) {
+        SAFE_FREE(session->opts.gssapi_key_exchange_algs);
        session->opts.gssapi_key_exchange_algs = strdup(sshbind->gssapi_key_exchange_algs);
        if (session->opts.gssapi_key_exchange_algs == NULL) {
            ssh_set_error_oom(sshbind);
@@ -519,8 +525,13 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd)
        sshbind->ecdsa == NULL &&
        sshbind->ed25519 == NULL) {
        rc = ssh_bind_import_keys(sshbind);
-        if (rc != SSH_OK) {
-            return SSH_ERROR;
+        if (rc == SSH_ERROR) {
+            if (!sshbind->gssapi_key_exchange) {
+                ssh_set_error(sshbind, SSH_FATAL,
+                            "No hostkeys found");
+                return SSH_ERROR;
+            }
+            SSH_LOG(SSH_LOG_DEBUG, "No hostkeys found: Using \"null\" hostkey algorithm");
        }
    }